Does 3D secure and net banking sites use x-frame-options header?

I am trying to embed 3D Secure and net banking pages in an IFrame, and I am able to achieve it successfully for a few sites which I have tested. But I doubt whether ALL the bank pages will open in an IFrame.

What if any bank has set X-Frame-Options to SAMEORIGIN or DENY?

I tried searching for a tech spec regarding this, but couldn't find anything.
Is there a common rule of thumb or convention (in any spec) that an authenticating bank should/shouldn't use this header? How can I be sure this will work for all the banks?
Any clarifications would be of great help.

P.S.: I know there are other ways of opening the authorization gateways. But still, I need clarity on this approach.

Cruise answered 14/10, 2014 at 4:59

Comment: Would be good to get the definitive answer to this question. As I understand it, 3D Secure relies on IFrames and we don't know the banks' URLs, therefore all bank sites need to /not/ implement X-Frame-Options. - Outpoint

You typically wouldn't just open an iframe with the bank domain. Instead you open an iframe from an outside payment provider's domain (Adyen, Braintree, etc.) and they, in turn, open another iframe inside, so that the bank only has to allow the payment provider's iframe to communicate with it.

What's interesting is that those iframes still usually have same-origin policies.

Cluny answered 14/10, 2019 at 7:44
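Added example (not part of the question or either answer): a Python check that decides from a page's captured response headers whether a given site would be allowed to frame it. It models X-Frame-Options (DENY / SAMEORIGIN; ALLOW-FROM is obsolete and ignored by current browsers) and the CSP frame-ancestors directive, which takes precedence over X-Frame-Options when both are present; port matching and the http-to-https upgrade rule are left out, and all header values and domains are constructed placeholders.

```python
from urllib.parse import urlparse

def origin_of(url: str) -> str:
    """scheme://host[:port], lower-cased, the way a browser compares origins."""
    p = urlparse(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname}{port}".lower()

def source_matches(src: str, embedder: str, framed: str) -> bool:
    """One CSP frame-ancestors source expression against the embedder origin."""
    src = src.strip().lower()
    if src == "'none'":
        return False
    if src == "'self'":
        return embedder == framed
    if src == "*":
        return True
    e = urlparse(embedder)
    if src.endswith(":") and "/" not in src:           # scheme-source, e.g. "https:"
        return e.scheme + ":" == src
    s = urlparse(src if "://" in src else "//" + src)  # host-source
    if s.scheme and s.scheme != e.scheme:
        return False
    host = s.hostname or ""
    if host.startswith("*."):                          # wildcard subdomain
        return (e.hostname or "").endswith(host[1:])
    return host == e.hostname

def framing_allowed(headers: dict, framed_url: str, embedder_url: str) -> bool:
    """True if a browser would let embedder_url show framed_url in an <iframe>.
    headers: response headers of framed_url (names case-insensitive). CSP
    frame-ancestors wins over X-Frame-Options; unknown XFO values are ignored."""
    h = {k.lower(): v for k, v in headers.items()}
    framed, embedder = origin_of(framed_url), origin_of(embedder_url)
    for directive in h.get("content-security-policy", "").split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            return any(source_matches(s, embedder, framed) for s in value.split())
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder == framed
    return True

# Constructed sample responses (placeholder domains, not real banks or PSPs).
BANK_ACS = {"X-Frame-Options": "DENY"}                 # issuer page that refuses framing
PSP_GATEWAY = {"X-Frame-Options": "SAMEORIGIN",        # CSP below overrides this
               "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://*.merchant.test"}
```

Run it against the headers captured from each bank or gateway during testing; a False result is exactly the case the question worries about.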
